Commit 112d272d authored by Sympa authors's avatar Sympa authors Committed by IKEDA Soji
Browse files


parent ef9d1403
# Change Log
## [6.2.36](
[Full Changelog](
- Scenarios `subscribe.*` and `unsubscribe.*`: Now authentication by target user is required when anonymous/other user requested these actions [\#390]( Previously, if "open" scenario was used, an anonymous user on web interface could add subscriber without confirmation.
- WWSympa: Home-made color picker in CSS configuration page was replaced with external plugin [jQuery MiniColors]( [\#369](
- WWSympa: `referer` and `failure_refarer` parameters fed to login form (see [documentation]( for details) are limited within scope of `cookie_domain` to prevent XSS / open redirect [\#268](
- Default value of `--with-lockdir` option for `configure` script became `/var/lock/subsys` not according to `localstatedir` [\#403](
- Some Systemd unit files generated by source package were renamed: `wwsympa.service` and `sympasoap.service` [\#406](
**Implemented enhancements:**
- Update startup scripts [\#406]( ([ikedas](
- Domain without available wwsympa\_url parameter should deny web access [\#405]( ([ikedas](
- Let the default of `--with-lockdir` be `/var/lock/subsys` always [\#403]( ([ikedas](
**Fixed bugs:**
- DKIM per-list options not saved [\#412](
- Merge\_feature active and attached file with special characters [\#409](
- Error in the name of a function in wwsympa.fcgi [\#404](
- Internal Server Error: Can't locate object method "\_marshal\_format" in \(71\) [\#401](
- Rename a list takes incredible time [\#368](
- Avoid "subscribe spam" [\#302](
- XSS and open redirect on login form, CVE-2018-1000671 [\#268](
- Update startup scripts [\#406]( ([ikedas](
**Closed issues:**
- Issues with sending mails using special French characters [\#178](
## [6.2.35b.1]( (2018-08-26)
[Full Changelog](
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment